1 files changed, 22 insertions, 0 deletions

diff --git a/UPDATING b/UPDATING
index a06b927b1bfe..483d9e7d1ef2 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,28 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20191126:
+  AFFECTS: consumers of net/py-urllib3
+  AUTHOR: kai@FreeBSD.org
+
+  Since version 1.25 HTTPS connections are now verified by default which is
+  done via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification
+  can be disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to
+  leave it on.
+
+  Various consumers of net/py-urllib3 already have implemented routines that
+  either explicitly enable or disable HTTPS certificate verification (e.g.
+  via configuration settings, CLI arguments, etc.).
+
+  Yet it may happen that there are still some consumers which don't
+  explicitly enable/disable certificate verification for HTTPS connections
+  which could then lead to errors (as is often the case with self-signed
+  certificates).
+
+  In case of an error one should try first to temporarily disable
+  certificate verification of the problematic urllib3 consumer to see if
+  this approach will remedy the issue.
+
 20191125:
   AFFECTS: users of emulators/qemu
   AUTHOR: bofh@FreeBSD.org